package xyz.heyaoshare.validation.validator;

import jakarta.validation.ConstraintValidator;
import jakarta.validation.ConstraintValidatorContext;
import java.util.Locale;

/**
 * SQL injection prevention validator.
 * @author YueHe
 * @version 0.0.1
 * @since 2025/6/26 2:58 PM
 */
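public class SQLSafeValidator implements ConstraintValidator<SQLSafe, String> {

    /**
     * Denylist of lower-case fragments; a value that contains any of them, at any position,
     * is rejected by {@link #isValid(String, ConstraintValidatorContext)}.
     *
     * <p>Matching is by plain substring, so ordinary text such as {@code O'Brien} or
     * {@code updated} is rejected as well. The list is a coarse input filter only: it does not
     * make string-built SQL safe, and any query that uses a validated value must still bind it
     * as a parameter (for example through {@code PreparedStatement}) rather than concatenate it.
     */
    private static final String[] SQL_KEYWORDS = {
            "\"", "'", "--", ";", "/*", "*/", "xp_", "sp_", "union", "select", "insert", "delete", "update",
            "exec", "execute", "alter", "drop", "create", "truncate", "comment", "declare", "merge", "call", "replace"
    };

    /**
     * Checks that the value contains none of the fragments in {@link #SQL_KEYWORDS}.
     *
     * @param value   the string under validation; may be {@code null}
     * @param context the constraint validator context (not used by this implementation)
     * @return {@code true} when {@code value} is {@code null}, empty, or free of every listed
     *         fragment (compared case-insensitively); {@code false} otherwise
     */
    @Override
    public boolean isValid(String value, ConstraintValidatorContext context) {
        // Null and empty values pass here; presence has to be enforced by a separate
        // constraint (e.g. @NotNull / @NotBlank) on the same element if it is required.
        if (value == null || value.isEmpty()) {
            return true;
        }

        // Fold case with Locale.ROOT so the result does not depend on the JVM default locale.
        // With a Turkish default locale, "I" lower-cases to dotless "ı", and keywords that
        // contain "i" ("insert", "union", ...) would silently stop matching upper-case input.
        String lowerValue = value.toLowerCase(Locale.ROOT);
        for (String keyword : SQL_KEYWORDS) {
            if (lowerValue.contains(keyword)) {
                return false;
            }
        }
        return true;
    }
}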
